Administrator

Updating the Default Certificate for HTTPS Connections

SAP Mobile Platform Server includes a default self-signed certificate, which you must replace with a production-ready certificate. SAP recommends that you use the existing alias when you import a new certificate; that way, you can update all the certificates at the same time.

Context

The server and Management Cockpit share the local keystore, local_smp_keystore.jks, which is located in the <SMP_HOME>\Server\configuration directory.

Procedure

  1. Generate new production-ready certificates:
    Use your PKI system to generate SAP Mobile Platform Server certificates and key pairs, and have them signed with the Certificate Authority (CA) certificate that is used in your organization. Verify that you:
    • Use the existing alias smp_crt.
    • Set the CN of the certificate to *.<MyDomain>.
    SAP Mobile Platform is compliant with certificates and key pairs that are generated by most well-known PKI systems.
  2. Select Start of the navigation path Settings Next navigation step Certificates Next navigation step Local SMP Certificates End of the navigation path.
  3. Click the Import icon , and in the Import Certificate dialog, enter:
    • Certificate Type – PKCS #12.

    • Alias – smp_crt.

    • Certificate File – click Browse, and select the certificate file.

    • Private Key Password – a valid password for the private key.

  4. Click Import.

    If the certificate is imported successfully, a green box appears in the Valid column.

  5. (Optional) To generate a certificate signing request, identify the certificate, and select Start of the navigation path  Next navigation step Generate Certificate Signing Request End of the navigation path.

    The signing request is downloaded to the server.

  6. (Optional) To upload a certificate PKCS #7 signed response, select Start of the navigation path  Next navigation step Import Signed SSL Certificate End of the navigation path.

    The signed response is uploaded to the keystore.